Internet certificates for TLS and S/MIME

Before Internet and Notes® clients can use client authentication or send signed mail, they must have an Internet certificate. To send encrypted mail using S/MIME, they must have the recipient's Internet certificate.

About this task

You need to complete these steps for Internet and Notes clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Notes client and the CA issued certificates in the Person document of the Domino® Directory. Notes automatically adds Internet certificates stored in the Person document to the Notes ID file when the user authenticates with the server.

You can also set up Notes clients to use different certificates for signing and encryption. You designate one Internet certificate for authentication and signing, and another for encryption.
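When separate certificates are used for the two roles, the X.509 keyUsage extension of each certificate normally shows which role it suits. The following is an added example, not code from this page or from HCL: the function names are hypothetical, the sample bytes are constructed, and it assumes the usual key usage convention (digitalSignature or nonRepudiation for signing, keyEncipherment or keyAgreement for encryption) rather than anything stated here about how Notes selects certificates.

```python
# Added example: read the keyUsage extension (OID 2.5.29.15) from DER bytes
# and map it to the two roles of a dual-certificate setup. Standard library only.
KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15
BIT_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]

def key_usage(der: bytes) -> set:
    """Return keyUsage bit names found in DER bytes (whole cert or one extension).

    Heuristic: scans for the OID instead of walking the full certificate, and
    relies on the short-form lengths this small extension always uses.
    """
    pos = der.find(KEY_USAGE_OID)
    if pos < 0:
        return set()                          # extension not present
    pos += len(KEY_USAGE_OID)
    if der[pos:pos + 1] == b"\x01":           # optional BOOLEAN "critical"
        pos += 2 + der[pos + 1]
    # extnValue is an OCTET STRING (0x04) wrapping a BIT STRING (0x03)
    if der[pos:pos + 1] != b"\x04" or der[pos + 2:pos + 3] != b"\x03":
        raise ValueError("malformed keyUsage extension")
    pos += 2
    length = der[pos + 1]
    bits = der[pos + 3:pos + 2 + length]      # skip the unused-bits count byte
    return {name for i, name in enumerate(BIT_NAMES)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))}

def roles(der: bytes) -> set:
    """Map keyUsage to 'signing' (also authentication) and/or 'encryption'."""
    usage = key_usage(der)
    if not usage:
        return {"signing", "encryption"}      # no keyUsage: no restriction
    found = set()
    if usage & {"digitalSignature", "nonRepudiation"}:
        found.add("signing")
    if usage & {"keyEncipherment", "keyAgreement"}:
        found.add("encryption")
    return found

# Constructed sample extensions (not taken from any real certificate).
SIGN_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020780")
ENCRYPT_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020520")
BOTH = bytes.fromhex("300e0603551d0f0101ff0404030205a0")

if __name__ == "__main__":
    for label, ext in [("sign-only", SIGN_ONLY), ("encrypt-only", ENCRYPT_ONLY),
                       ("both", BOTH)]:
        print(label, sorted(key_usage(ext)), "->", sorted(roles(ext)))
```

The same functions accept the DER bytes of a complete certificate, since the scan only looks for the extension's OID.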



To obtain an Internet certificate for a Notes client

About this task

The procedure that Notes clients follow to request an Internet certificate is the same whether a Domino CA or third-party CA issues the certificates.

Procedure

1. Have users request an Internet certificate.

2. The CA approves the request by signing the certificate, and Domino automatically adds the client's Internet certificate to the user's Person document.

3. Have users merge the Internet certificate into their ID file.

Results

For information on how Notes users request and merge Internet certificates into their ID files, see the HCL Notes Help.

You can also issue Internet certificates for Notes clients in Person documents so that users aren't required to submit Internet certificate requests.

To obtain an Internet certificate for an Internet client from a Domino CA

Procedure

1. If you are using a Domino server-based certification authority, browse to the Certificate Request application. If you are using a Domino 5 certificate authority, browse to the Domino Certificate Authority application.


2. Click Request Client Certificate.

3. Enter your name and organizational information. This information will appear on your Internet certificate.

4. Enter any additional contact information that you want to send to the CA.

5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.

6. Click Submit Certificate Request to send the request to the CA.

To obtain an Internet certificate for an Internet client from a third-party CA

About this task

The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.
